We try to use our IDP (Entra ID) as a single sorce of truth for user roles and access. 

Our users login to JitBit via SAML SSO. 

It would be nice to be able to assign users to departements or roles (manager, technician etc) based on their groups in the IDP. 

This could be achieved via either either group claims sent in the SAML request, or via group provisioning via SCIM. Both these methods would worth for any standard IDP (Entra, Okta, etc), and would not impact organistions who choose not to deploy them.